Lookout Names Bad Ad Networks, Enforces New Adware Standards

Last month, mobile security company Lookout {{ZIFFARTICLE id="311776"}}announced that they would be enforcing tighter guidelines for adware{{/ZIFFARTICLE}}. After a 45 day grace period for ad networks to shape up, the time has come and Lookout has named names—and flagged the worst offenders in their app.

The new rules are focused on protecting users from aggressive information harvesting, and requiring user consent before ad networks use more imaginative means to send ads. "There's a lot of grey area because it's a new industry," Lookout product manager Jeremy Linden explained. "The rules aren't clearly set." Obviously, Lookout is aiming to change all of that.

The exact adware definition was provided in a press release from Lookout. Going forward, Lookout will define adware as, "an ad network that exhibits one or more of the following intrusive behaviors without requesting appropriate user consent: display advertising outside of the normal app experience, harvest unusual personally identifiable information, or perform unexpected actions as a response to ad clicks."

Lookout continues by defining user consent as, "providing a clear alert in the application that allows the user to accept or decline before any of the above behaviors takes place." This is in stark contrast to the current model in Google Play, where the user must accept all permissions requested by an app.

Adware, By The NumbersAccording to Lookout, 6.5 percent of Google Play is adware. That may not sound like much, but Lookout found that around one million U.S. Android users had downloaded adware.

Among adware apps, 26 percent were free personalization utilities, like live wallpapers. Racing and sports games were the next most common, at 23 and 18 percent respectively. These apps are generally free, meaning that users probably download them quickly and without much thought. Outside Google Play, Lookout says adware numbers are "significantly higher."

Speaking to Security Watch, Linden said that apps linked to the ad networks LeadBolt, Moolah Media, RevMob, SellARing, and SendDroid would be flagged as adware starting today.

Advertising Isn't Always a Dirty Word Even unobtrusive ads can be annoying, but Linden says that networks are are a key part of the mobile ecosystem. "Everyone has to make a living," Linden said to SecurityWatch. "Broadly speaking, users can't expect to have free apps and also have no advertising."

Ad networks give developers an easy way to monetize their free apps. Developers simply include an ad network's SDK in their code, apply the appropriate permissions, and then get a cut of the ad dollars generated.

By more tightly defining adware, Lookout has given a path for ad networks to improve and identified the most egregious ad networks out there. It's also cleared up space for developers who use ad networks to monetize their apps.

"We've always protected against some of the worst offenders in the adware world," said Linden. "We wanted to give companies a chance to change." Among the worst offenders are companies like Letang, which has aggressively targeted India and China and demonstrated some truly unusual behaviors.

The Dark Side Though ad networks can get people paid, they can also be a security concern. Linden explained to SecurityWatch that the information gathered by ad networks, which can include phone numbers and email addresses, is sometimes sent to servers overseas. In these situations, Linden says "there might not be clear standards regarding what they can and cannot do with your information." This is particularly true if the data is stored outside the U.S.

The worst case scenario, Linden said, was that this information could be sold off by unscrupulous persons to spammers.

More problematic than these dire scenarios are ad networks that went too far without user consent. Linden told SecurityWatch about ad networks that sent SMS messages unexpectedly from apps, or put ads in the notification bar. One company, said Linden, changed users' ringtone to instead play an advertisement.

What This Means For ad networks, Lookout's move makes it clearer what activities will be tolerated. They can, for instance, still send you ads via push notifications, but they have to ask you about it first. For developers, Lookout has made it clear how to avoid getting flagged as adware. Hopefully, this will encourage developers to choose ad networks that play fair instead of those that are a bit shady.

Linden says that Lookout hopes the new adware definitions will give consumers more confidence. "We believe that users should be able to know before they have their user experience changed," he said.

Lookout's approach is certainly pragmatic, and I'm eager to see if it brings about noticeable change for Android users. But part of me worries that this will end up muddying the issue of adware further by pitting Lookout against everyone else. The proof of Lookout's success probably won't be in adware numbers, but if Google Play starts to feel a little safer. Here's hoping.

About the Author

Max Eddy is a Software Analyst, taking a critical eye to Android apps and security services. He's also PCMag's foremost authority on weather stations and digital scrapbooking software. When not polishing his tinfoil hat or plumbing the depths of the Dark Web, he can be found working to discern the 100 Best Android Apps.
Prior to PCMag, Max wrote... See Full Bio

Get Our Best Stories!

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.